Tuesday, 12 November 2013

A criminal attack is behind
the data breach affecting customers of SuperValu and Axa Insurance, the data
protection commissioner said today

Billy Hawkes also said warned that the criminals involved have the
information needed to use the credit cards of people affected by the data
breach.

“We were told about the original issue last week, last Monday, but we
were updated and told the situation was more serious because we now know the
criminals involved have all the information needed to use the credit cards of
the people concerned to make purchases,” he told RTE’s Morning Ireland.

As a result, the Consumers Association of Ireland (CAI) is advising
affected customers to cancel their credit cards.

"We’re suggesting that customers certainly get in contact with
their credit card providers immediately," said Dermott Jewell, Policy and
Council Advisor at the CAI.

"In light of what the Data Commissioner has announced this morning
- that criminals have full access to confidential bank details – we would
advise those affected to contact their credit providers and get advice on how
to proceed."

Mr Hawkes said today a team of investigators is to enter Loyaltybuild in
Clare- the company operating the loyalty holiday scheme on behalf of the
companies.

The company operates loyalty schemes for a number of European companies,
he told RTE radio’s Morning Ireland.

“That is why we need to send in our inspection team,” Mr Hawkes said.

“We need to find out for ourselves if more action is needed to be
taken.”

Earlier it emerged that the breach was worse than expected - over 60,000
SuperValu customers may have had their financial
data stolen after the retailer announced a data breach is more extensive than
first thought.

Axa Insurance said about 8,000 customers had been affected.

Last week, Super Valu warned customers of its loyalty holiday scheme
that their banking information may have been accessed by a third party.

The programme has since been suspended and the data protection
commissioner was informed of the leak - but at the time SuperValu said it was
not aware of any breaches of financial information

But tonight a statement by SuperValu warns customers that Loyaltybuild
had advised the Data Protection Commissioner that the security breach of its
system “is more extensive than it first anticipated”.

“Based on this latest information from Loyalty Build, SuperValu are
tonight contacting Getaway Breaks customers that there is a high risk that an
unauthorised third party accessed the details of payment cards used to pay for
Getaway Breaks between January 2011 and February 2012,” the statement read.

It said that 62,500 customers who made bookings during this period have
been told to contact their bank or financial institution as soon as possible.

They have also been advised to immediately check the transactions on
their payment cards for any suspicious activity.

Customers of the scheme have also been advised to treat any unsolicited
communication they receive claiming to represent SuperValu Getaway Breaks or
Loyalty Build with extreme caution.

Super Valu and Loyaltybuild are continuing to investigate the matter
which is affecting customers of the holiday scheme only.